<?php$u = $_POST['user'];$p = $_POST['pass'];//echo "$u - $p";$p1 = md5($p);//echo $p1;$str = "SELECT * FROM tbl_user WHERE username='$u' AND password='$p1'";$result = mysql_query($str);$rows = mysql_fetch_array($result);if($rows){	$_SESSION['ok'] = 1;	echo "Dang nhap thanh cong!";	header('index.php?mod=product&act=list.php');}	else	echo "Dang nhap that bai!";?>